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IN THE CLAIMS: 

i 1-5 (CANCELLED) 

1 6. (PREVIOUSLY PRESENTED) A method for creating and maintaining a plurality of 

2 virtual servers within a server, the method comprising the steps of: 

3 partitioning resources of the server to establish an instance of each virtual server 

4 by allocating units of storage and network addresses of network interfaces of the server to 

5 each instance of the virtual server, and sharing an operating system and a file system of 

6 the server among all of the virtual servers; 

7 enabling controlled access to the resources using logical boundary checks and se- 

8 curity interpretations of those resources within the server; and 

9 providing a vfiler context structure including information pertaining to a security 

10 domain of the vfiler. 

1 7. (ORIGINAL) The method of Claim 6 wherein the step of allocating comprises the step 

2 of providing a vfstore list of the vfiler context structure, the vstore list comprising point- 

3 ers to vfstore soft objects, each having a pointer that references a path to a unit of storage 

4 allocated to the vfiler. 

1 8. (ORIGINAL) The method of Claim 7 wherein the step of allocating further comprises 

2 the step of providing a vfnet list of the vfiler context structure, the vfhet list comprising 
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3 pointers to vfhet soft objects, each having a pointer that references an interface address 

4 data structure representing a network address assigned to the vfiler. 

1 9. (ORIGINAL) The method of Claim 8 wherein the step of enabling further comprises 

2 the step of performing a vfiler boundary check to verify that a vfiler is allowed to access 

3 certain storage resources of the filer. 

1 10. (ORIGINAL) The method of Claim 9 wherein the step of performing comprises the 

2 step of validating a file system identifier and qtree identifier associated with the units of 

3 storage. 

1 11. (ORIGINAL) The method of Claim 10 wherein the step of performing further com- 

2 prises the steps of: 

3 for each request to access a unit of storage, using the identifiers to determine 

4 whether the vfiler is authorized to access the unit of storage; 

5 if the vfiler is not authorized to access the requested unit of storage, immediately 

6 denying the request; 

7 otherwise, allowing the request; and 

8 generating file system operations to process the request. 

i 12. (CANCELLED) 
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1 13. (PREVIOUSLY PRESENTED) A system adapted to create and maintain a plurality 

2 of virtual servers within a server, the system comprising: 

3 storage media configured to store information as units of storage resources, the 

4 units of storage resources allocated among each of the virtual servers; 

5 network interfaces assigned one or more network address resources, the network 

6 address resources allocated among each of the virtual servers; 

7 an operating system having a file system resource adapted to perform a boundary 

8 check to verify that a request is allowed to access to certain units of storage resources on 

9 the storage media, each virtual server allowed shared access to the file system; 

10 a context data structure provided to each virtual server, the context data structure 

1 1 including information pertaining to a security domain of the virtual server that enforces 

12 controlled access to the allocated and shared resources; and 

13 a processing element coupled to the network interfaces and storage media, and 

14 configured to execute the operating and file systems to thereby invoke network and stor- 

15 age access operations in accordance with results of the boundary check of the file system. 



1 14. (ORIGINAL) The system of Claim 13 wherein the units of storage resources are vol- 

2 umes and qtrees. 

1 15. (ORIGINAL) The system of Claim 14 further comprising a plurality of table data 

2 structures accessed by the processing element to implement the boundary check, the table 

3 data structures including a first table having a plurality of first entries, each associated 

4 with a virtual server and accessed by a file system identifier (fsid) functioning as a first 
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5 key into the table, each first entry of the first table denoting a virtual server that com- 

6 pletely owns a volume identified by the fsid. 

1 16. (ORIGINAL) The system of Claim 15 wherein the table data structures further in- 

2 elude a second table having a plurality of second entries, each associated with a virtual 

3 server and accessed by a second key consisting of an fsid and a qtree identifier (qtreeid), 

4 each second entry of the second table denoting a virtual server that completely owns a 

5 qtree identified by the fsid and qtreeid. 

1 17. (ORIGINAL) The system of Claim 16 wherein the server is a filer and wherein the 

2 virtual servers are virtual filers. 

l 18. (CANCELLED) 

l 19. (CANCELLED) 

1 20. (PREVIOUSLY PRESENTED) Apparatus adapted to create and maintain a plurality 

2 of virtual filers (vfilers) within a filer, the apparatus comprising: 

3 means for allocating dedicated resources of the filer to each vfiler; 

4 means for sharing common resources of the filer among all of the vfilers; and 

5 means for enabling controlled access to the dedicated and shared resources using 

6 logical boundary checks and security interpretations of those resources within the 

5 



PATENTS 
112056-0022 
P01-1047 



7 server and for providing a vfiler context structure including information pertain- 

8 ing to a security domain of the vfiler. 



i 21. (CANCELLED) 



l 22. (CANCELLED) 



1 23. (PREVIOUSLY PRESENTED) A computer readable medium containing executable 

2 program instructions for creating and maintaining a plurality of virtual filers (vfilers) 

3 within a filer, the executable program instructions comprising program instructions for: 

4 allocating dedicated resources of the filer to each vfiler; 

5 sharing common resources of the filer among all of the vfilers; and 

6 enabling access to the dedicated and shared resources using logical boundary checks and 

7 security interpretations of those resources within the server andjroviding a vfiler context 

8 structure including information pertaining to a security domain of the vfiler. 



l 24. (CANCELLED) 



i 25. (CANCELLED) 
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1 Please add new claims 26 et al 



1 26. (New) A method for creating and maintaining a plurality of virtual servers within a 

2 server, the method comprising the steps of: 

3 allocating units of storage and network addresses of network interfaces of the 

4 server to each instance of the virtual server; 

5 using boundary checks to access resources allocated to the virtual servers, where a 

6 particular virtual server is limited by the boundary check to only access the resources as- 

7 signed to that particular virtual server. 



1 27. (New) An apparatus adapted to create and maintain a plurality of virtual servers 

2 within a server, comprising: 

3 means for allocating units of storage and network addresses of network interfaces 

4 of the server to each instance of the virtual server; 

5 means for using boundary checks to access resources allocated to the virtual serv- 

6 ers, where a particular virtual server is limited by the boundary check to only access the 

7 resources assigned to that particular virtual server. 



1 28. (New) A system adapted to create and maintain a plurality of virtual servers within a 

2 server, the system comprising: 

3 a storage media configured to allocate units of storage and network addresses of 

4 network interfaces of the server to each instance of the virtual server network interfaces 
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assigned one or more network address resources, the network address resources allocated 
among each of the virtual servers; 

an operating system adapted to perform a boundary check to verify access to re- 
sources allocated to the virtual servers, where a particular virtual server is limited by the 
boundary check to only access the resources assigned to that particular virtual server. 
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